At least 36 high-end smartphones from popular companies such as Samsung, LG, Xiaomi, Asus, Nexus, Oppo, and Lenovo have been found to have pre-loaded malware.
The malware was detected by Check Point during a scan conducted on Android devices. The security company discovered two malware families on the infected devices: Loki and SLocker.
According to Friday's research by Check Point researchers, these malicious applications were not part of the official firmware ROM provided by the smartphone manufacturers, but were added later, somewhere along the way from the production plants through the distribution chain, before the devices reached the hands of consumers.
The Loki trojan was first seen in February of 2016. The malware targets the core of the Android operating system on the device to acquire root rights. The trojan also includes spyware features, and intercepts the list of applications that are used, browsing history, contacts list, call history, and location data.
SLocker, on the other hand, is mobile ransomware that locks its victims' devices for ransom and communicates via Tor in order to hide the identity of its creators.
Below is the list of infected smartphones:
- Galaxy Note 2
- LG G4
- Galaxy S7
- Galaxy S4
- Galaxy Note 4
- Galaxy Note 5
- Xiaomi Mi 4i
- Galaxy A5
- ZTE x500
- Galaxy Note 3
- Galaxy Note Edge
- Galaxy Tab S2
- Galaxy Tab 2
- O
- Vivo X6 plus
- Nexus 5
- Nexus 5X
- Asus Zenfone 2
- Lenovo S90
- Oppo R7 plus
- Xiaomi Redmi
- Lenovo A850
The backdoor offers unlimited access to infected systems. The attacker can download, install and activate malware on Android, delete user data, uninstall security software, disable system applications, and call premium phone numbers.
The incident highlights the dangers of acquiring devices through unreliable distribution chains, and experts are concerned about security after over 20 incidents were reported in which retailers were able to pre-install malicious software on new Android devices.
How to Remove Malware:
The malicious applications are installed in the device ROM with system privileges, so they are difficult to get rid of.
To remove malware from infected systems, you will need to root your device and uninstall the malware, or you will need to reinstall the firmware / ROM through a process called "Flashing."
Flashing is a complex process; novice users in particular are advised to turn off the device and seek help from a certified technician or mobile service provider.
The full list of malicious apps is available in Check Point's release.
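Because the apps were added to the ROM after the manufacturer built the official firmware, one way to spot them is to compare the packages on the system partitions with the package list of the official image. The following is an added example, not code from Check Point or the original article; the sample `adb shell pm list packages -f -s` output, the package names and the baseline set are constructed placeholders.

```python
# Constructed sample of `adb shell pm list packages -f -s` output (not from a real device).
# With -s, an updated system app can report a /data path, as in the last line.
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Bluetooth/Bluetooth.apk=com.android.bluetooth
package:/system/app/SysUpdater/SysUpdater.apk=com.example.sysupdater
package:/data/app/com.example.maps-1/base.apk=com.example.maps
"""

# Hypothetical baseline: package names taken from the vendor's official firmware image.
OFFICIAL_BASELINE = {"com.android.settings", "com.android.bluetooth", "com.example.maps"}

# Partitions that hold ROM-installed apps a normal uninstall cannot remove.
SYSTEM_PREFIXES = ("/system/", "/vendor/", "/product/", "/system_ext/")


def parse_pm_list(text):
    """Return {package_name: apk_path} parsed from `pm list packages -f` output."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # APK paths can themselves contain '=', so split on the last one only.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and path and name:
            packages[name] = path
    return packages


def unexpected_system_packages(pm_output, baseline):
    """List (name, path) for ROM-resident packages that are absent from the baseline."""
    found = parse_pm_list(pm_output)
    return sorted(
        (name, path)
        for name, path in found.items()
        if path.startswith(SYSTEM_PREFIXES) and name not in baseline
    )


if __name__ == "__main__":
    for name, path in unexpected_system_packages(SAMPLE_PM_OUTPUT, OFFICIAL_BASELINE):
        print(f"not in official firmware: {name} ({path})")
```

A package flagged this way is only a candidate for review: carriers and retailers also add legitimate apps, so each hit should be checked against the vendor's documentation or a malware scanner before the device is reflashed.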